Class CertificateValidator
-
- All Implemented Interfaces:
public class CertificateValidatorUsed by SealedSessionCipher to validate sealed sender certificates.
-
-
Field Summary
Fields Modifier and Type Field Description private final List<ECPublicKey>trustRoots
-
Constructor Summary
Constructors Constructor Description CertificateValidator(ECPublicKey trustRoot)CertificateValidator(List<ECPublicKey> trustRoots)
-
Method Summary
Modifier and Type Method Description final List<ECPublicKey>getTrustRoots()Unitvalidate(SenderCertificate certificate, Long validationTime)Validates certificate.final Unitvalidate(ServerCertificate certificate)Verifies a ServerCertificate against the set of trust roots. -
-
Constructor Detail
-
CertificateValidator
CertificateValidator(ECPublicKey trustRoot)
-
CertificateValidator
CertificateValidator(List<ECPublicKey> trustRoots)
-
-
Method Detail
-
getTrustRoots
final List<ECPublicKey> getTrustRoots()
-
validate
Unit validate(SenderCertificate certificate, Long validationTime)
Validates
certificate.The default behavior checks the certificate against each key in trustRoots in constant time (that is, no result is produced until every key is checked), making sure one of them has signed its embedded server certificate. The
validationTimeparameter is compared numerically against SenderCertificate.expiration and is not required to use any specific units, but Signal uses milliseconds since 1970.
-
validate
final Unit validate(ServerCertificate certificate)
Verifies a ServerCertificate against the set of trust roots.
This is only meant for convenience in unit testing and thus is not a constant-time operation. It is not used by SealedSessionCipher.
-
-
-
-